Thursday, February 09, 2017

The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports:

While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the CEO asked for the 2015 forms on April 4, 2016. Those forms were provided by the employee.

So yes, I went back to the 2016
W-2 Phishing Victims list and added the company to that list, too, bringing
the 2016 list to 146 entries. The 2017 list
stands at 30 entries as of the time of this posting, but given that this is
only the beginning of February, that number will undoubtedly grow.

(Related). Whatever process was in place to detect data moving out of secure areas was clearly a failure. Why? If he was allowed to take data out, was there a check to ensure he brought it back? Did anyone care?

A former National Security
Agency contractor was indicted on Wednesday by a federal grand jury on charges
he willfully retained national defense information, in what U.S. officials have
said may have been the largest heist of classified government information in history.

The indictment alleges that
Harold Thomas Martin, 52, spent up to
20 years stealing highly sensitive government material from the U.S.
intelligence community related to national defense, collecting a trove of
secrets he hoarded at his home in Glen Burnie, Maryland.

(Related). A very simple way to take information like customer details.

On August 24, 2012, a Health Department employee began automatically forwarding all emails received in the employee’s county email account to a personal Google email account not maintained by the county. Some of these emails included protected health information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA).

Multnomah County personnel discovered the incident on Nov. 22, 2016 during a random audit.

Analysis of 128 penetration tests conducted in the fourth
quarter of 2016 shows that approximately two-thirds of tested companies were
successfully breached. This is despite
the limited time -- in 89% of cases, less than two weeks -- available to the
pentesters compared to the effectively unlimited time available to blackhat
attackers.

…The report highlights the value of protecting credentials. "The number one method of obtaining
account access," it states, "starts with very simple password
guessing

Over the last 24 hours, Google has been sending notices to developers worldwide stating its intention to “limit visibility” or remove apps from the Play Store that violate the company’s User Data policy. For most devs, the violation seems to be a simple one: lack of a privacy policy.

Biometric ticketing is one of
several innovations identified by the Rail Delivery Group (RDG) in its digital
blueprint for Britain’s railway.

The blueprint, which has been
published on the same day as the RDG annual conference, suggests that Bluetooth
and biometric ticketing could eventually replace the magnetic strip tickets
that have been around since the 1980s.

RDG pointed to the development of
a mobile app that uses Bluetooth to automatically open ticket barrier gates. This technology is being trialled by Chiltern
Railways between Oxford Parkway and London Marylebone this year.

A further development of
ticketing technology could see biometric systems, which use fingerprints
and eye scanning, implemented.

“Could see?” What
if passengers don’t want to have to give up their biometric data just to take a
train? And what security and privacy
would be in place? For how long would
data be stored? With whom could it be
shared?

Look, if people want to speed up processing and are happy
using their fingerprints or iris scans to do so, let them – after they’re fully
informed of the potential consequences down the tracks. But just imposing this makes the rail system
part of a national surveillance system, which is a horrible idea.

Uber Technologies Inc. is turning to rental-car firm
Zipcar in its relentless drive to hook more drivers up to its ride-hailing
network.

In Uber’s deal with Zipcar, a unit of Avis Budget Group Inc., drivers in Boston can rent vehicles for
$12 an hour, on top of a $7 monthly rental fee, roughly in line with what
Zipcar offers cars for in the city. Based on a search of Zipcar’s website on
Wednesday, vehicles ranged from $6 per hour to as much as $13 per hour,
depending on vehicle type.

At the special rental rates, it could be tricky for Uber drivers to bring in much of a profit. Rates vary, but Uber drivers say they can make $15 to $20 an hour when there is strong demand. That doesn’t include expenses that Uber passes to drivers, such as fuel, tolls and insurance, though Zipcar’s membership covers those.

Modifying Apps for countries with users in countries with limited infrastructure? South Korea?

Facebook’s stripped-down but speedy Lite app is growing
fast and adding countries so it can keep connecting people and building the
company’s business in the low-bandwidth world where revenue increased 52% this year.

Facebook Lite launched in June 2015, it rocketed to 100
million monthly users by March 2016, and now it’s doubled in size to 200 million users, Mark Zuckerberg says. And that’s just in a limited set of countries
which today expands to include Israel, Italy, United Arab Emirates, and South
Korea.

…Facebook Lite is partly why the social giant has managed to boost its business in the Rest Of World region. Average revenue per user is up 28% this year from $1.10 to $1.41. And that pushed its Rest Of World revenue up 52% this year to $839 million per quarter.

…But rather than
wait for the developing world’s network infrastructure to increase bandwidth,
Facebook shrunk its app into a Lite version.

…The art of war
necessitates the importance of knowing who your ‘attacker’ is. Being able to trace an IP address to a PC is a
direct way to remove the cloak of anonymity from a computer communicating with
your own.

Flipboard 4.0 completely redesigned for a more personalized
experience

Flipboard, one of the most popular news aggregator apps on the market, has received a major update that brings a whole new design along with a few interesting features to the table. The biggest change is the introduction of the “Smart Magazine”, which changes the way you organize stories and topics you’re interested in.

In an official blog post, Flipboard gave us an example of how the new feature works. When you open up the app, simply swipe left to add your passion. If you pick a broad topic like photography, you can then dig a little deeper and choose what kind of photography you are most interested in (for example: street photography). After you have made your selection, simply press “Done” and Flipboard will automatically create a Smart Magazine just for you with stories relating to the topic you have chosen.

You can also create and build your own Custom Magazines by
adding content from any source, person, or publication you want to follow.

The next time someone tells me they don’t like
Trump/Congress/’that law’/etc. I’ll give them this.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.